Logging to a Syslog Server

Logging information is crucial to understanding hiccups in your network infrastructure. Commonly this is done by SYSLog. This lab will discuss and demonstrate the configuration and verification of SYSLog.

Real World Application

In production networks routers moan and groan every minute theoretically speaking. Interfaces going up and down, ACL hit counts incrementing, configuration changes and etc… From an administrative standpoint one needs to track all the messages that the devices generate, these are known as system log messages. Of course one would never log each device to its self as this would be an administrative disaster to have to pull logs from every single device in the network. Most companies that have a full time engineer would no doubtingly place a SYSLog server in the network to collect all the messages generated by Cisco devices.

After all why check tens, hundreds if not thousands of devices for local log messages when you can check a single server for log messages of every device in the network?

Lab Prerequisites

If you are using GNS3 than load the Free CCNA Workbook GNS3 topology than start devices; R1.

Establish a console session with devices R1 than configure the devices respected hostname(s).

Verify the SYSLog messages are correctly sent to the Kiwi SYSLog Server.

Lab Instruction

Step 1. – Configure R1 to enable logging towards the host IP address assigned to your Cloud 1 Adapter. To complete this objective you will use the logging host x.x.x.x command whereas x.x.x.x is the IP address of the SYSLog Server as shown below;

R1 con0 is now available
Press RETURN to get started.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#logging host 192.168.2.3

Step 2. – Configure the logging option to log level 7 (Debugging) messages and lower. To complete this task you will use the logging trap command followed by the level highest level you wish to log (1-7)

Step 4. – Verify the SYSLog messages are correctly sent to the Kiwi SYSLog Server.

To verify the remote SYSLog is configured properly on R1 you’ll need a SYSLog server configured on your host machine. For the purposes of the Free CCNA Workbook lab, Solarwinds Kiwi Server is used for configuration verification. The Kiwi SYSLog Server IP address is 192.168.255.10/24 and R1’s FastEthernet0/0 IP Address is 192.168.255.1/24

A screen shot below that Solarwinds Kiwi is properly receiving the SYSLog messages; Click image to enlarge in new web browser tab.